Zac Hall, 9to5Mac:
Despite Apple’s strict review process for software distributed through the App Store, it’s still possible for malicious actors to take advantage of loop holes in the system to scam customers.
The latest example is a rather sophisticated and devious trick used by an app that claims to read your heart rate through your fingertip using Touch ID. In reality, the app (which is currently on the App Store) uses your fingerprint to authorize a transaction for $89.99 while dramatically dimming the screen to fool you.
Apple requires approval for in-app purchases during app review, but not for changing the amount (from 99¢ to $89.99, for example). The malicious app may also be flying under the radar as it largely targets Portuguese speaking customers, but does support English as well.
The app has been removed, but you have to wonder how the app made it past the app review process. Even if the app charged 99¢, to me that’s no less devious. This feels like it slipped through the cracks.
I’m assuming Apple will refund any fraudulent charges and will use this example to harden that review process.